A recent report on the state of inclusion of women in cybersecurity shows 68% cite leadership as a source of exclusion.

The State of Inclusion of Women in Cybersecurity report, conducted by Women in CyberSecurity (WiCyS) in collaboration with the DEI firm Aleria, found that women faced numerous workplace experiences that contribute to their overall feeling of exclusion and consequently, their rates of satisfaction, productivity and retention. According to the report, women were especially impacted by a lack of career and growth opportunities, and by a lack of respect that stemmed from company leadership, direct managers and peers. 

“We know that the representation of women in cybersecurity hovers around 24%, far lower than it should be,” said Lynn Dohm, executive director of WiCyS. “We wanted to find out why this was the case and were somewhat — but not entirely — surprised that the most common source of women’s feelings of exclusion came from people, not company policies. This highlights the fact that we still have a long way to go when it comes to accepting women in the cybersecurity industry.”

Key report highlights: 

  • 68% of participants cited leadership as being a source of experiences of exclusion, 61% cited managers and 52% cited peers. By comparison, workplace policies were cited as a source of exclusion by only 12% of the participants.
  • 83% of participants shared at least one experience of exclusion.
  • The top two categories where participants reported exclusion were career and growth (reported by 57% of participants) and respect (reported by 56% of participants), which dominate the categories of workplace experiences of exclusion. Other frequently-cited categories include recognition and access, both cited by 41% of participants.
  • New hires report exclusion levels that are 17% higher than those who have been with an organization for two to five years; however, the highest exclusion levels come after six years with the same organization.
  • Larger organizations (5,000 or more employees) seem to be more inclusive than smaller companies.
  • Cybersecurity firms have a higher level of exclusion than non-cybersecurity firms. This finding aligns with similar studies showing that technology companies tend to have higher overall exclusion scores than companies in other sectors, especially for women.

The data for the report was gathered from a series of workshops in February attended by more than 300 women who anonymously entered information about themselves and their work, sharing uncomfortable workplace experiences and categorizing each experience into typical aspects of the workplace such as career and growth, respect and work-life balance. The data was then used to calculate an exclusion score, a numerical value that combines prevalence (the proportion of participants who shared at least one experience), severity (the average number of experiences shared per person) and frequency (one-time or recurring).

Overall, nearly 500 experiences were collected, with women reporting incidents such as male coworkers viewing pornography in their presence, receiving less “pats on the back” than their male counterparts, and being asked to speak with a man in IT instead of them.

“Our study makes it crystal clear that leaders of any organization must educate themselves about inclusion and must start treating inclusion as a key part of their business strategy,” said Paolo Gaudiano, co-founder and president of Aleria. “With cybersecurity facing a serious shortage of workers, it is essential to understanding the obstacles that prevent women — who have so much to offer the industry — from entering and advancing in the field. We hope our study is a much-needed wake-up call for business leaders to move beyond diversity as the sole metric, and to make inclusion a key part of their DEI strategy and objectives.”